Microsoft Corp. said that the software tool used in the global cyber assault that began Friday came from code stolen from the U.S. National Security Agency, adding that the attack should serve as a wake-up call for governments over the risks of hoarding such digital weapons for use against their enemies.
The software giant's statement is the most authoritative confirmation so far of the connection between the Friday attack and attack code that was disclosed in April by an anonymous group called Shadow Brokers, which said it had obtained it from the NSA. The U.S. spying agency has declined to comment on the matter.
In a blog post Sunday, Brad Smith, Microsoft president and chief legal officer, said that the U.S. espionage agency authored the software that was eventually stolen and made its way into the hands of hackers who used it in the assault that has disrupted computers in at least 150 countries. He compared it to disclosure of hacking tools in March by the WikiLeaks organization, which said it had obtained them from the Central Intelligence Agency.
"Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage," Mr. Smith wrote. "An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen."
Write to Jay Greene at Jay.Greene@wsj.com
(END) Dow Jones Newswires
May 14, 2017 19:18 ET (23:18 GMT)